If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hello Guest,Our records indicate that you have never posted to our site before! Why not make your first post today by saying hello to our community in our Introductions forum.

Please review the forums rules, start with your first post today and become an active part of petri.co.il forums now!

Local login denied for single Win2k Workstation - Can you help?

17th July 2009, 22:40

Hello All,
I have recently run into a problem with one of my user's workstations. I manage a small office of about fifteen workstations which are all connected to a Windows 2000 Advanced Server directory. The users like to move around a lot and on the slightest whim, so I've resorted to setting everything up with roaming profiles. I know, makes things complicated don't it? That's not the issue, however one of my regular employee's workstation does not want to allow any domain based user to log in locally. That same user can log in at any other station in the building without a problem and download his roaming profile from the domain server.
At this person's station however I am unable to log in with ANY account unless it is a domain/enterprise admin account, any local user account, or one of the terminal accounts I have set up. Once again, any time I try to log in with any other account I get an error of "The local policy does not permit you to log on interactively." I've got one hair of patience with this stupid computer left before I reformat it and reinstall everything, please help!

Comment

Hello All,
I have recently run into a problem with one of my user's workstations. I manage a small office of about fifteen workstations which are all connected to a Windows 2000 Advanced Server directory. The users like to move around a lot and on the slightest whim, so I've resorted to setting everything up with roaming profiles. I know, makes things complicated don't it? That's not the issue, however one of my regular employee's workstation does not want to allow any domain based user to log in locally. That same user can log in at any other station in the building without a problem and download his roaming profile from the domain server.
At this person's station however I am unable to log in with ANY account unless it is a domain/enterprise admin account, any local user account, or one of the terminal accounts I have set up. Once again, any time I try to log in with any other account I get an error of "The local policy does not permit you to log on interactively." I've got one hair of patience with this stupid computer left before I reformat it and reinstall everything, please help!

Removing it from the domain is unlikely to help as you can already authenticate with the domain and logon interactively except only with the administrator account.

Someone has amended the local security policy on that machine (secpol.msc) or removed domain users from Users group on the local machine. Have a look at the local groups on that machine and ensure the domain users or whatever user account you are using to log on with is present in the local groups. In addition if you have a look at the machines local security policy investigate under secpol.msc>local policies>user right assignments>deny logon locally and see what user accounts are specified there.